Problems with TNG and LDAP

nazard at dragoninc.on.ca
Mon Feb 21 18:51:11 GMT 2000


On 22 Feb, Inge-Håvard Hunstad wrote:

> Ok, now I have used over a week trying to compile and run samba_tng with
> support for ldap. So now I'm giving up and cry for help. My problem is
> that after joining the domain and the complementary reboot I can't log
> on to the domain from a NT4WS sp3. The error message is this:
> 
> The system cannot log you on to this domain because the systems computer
> account in its primary domain is missing or the password on that account
> is incorrect.
> 
> or this:
> 
> The system cannot log you on because the domain LDAP is not available. 

I've been successfully using the ldap backend for several months. Note
that this is the original style ldap, not the new NT5LDAP.

> The NETLOGON logfile has these errors:
> 
> ERROR: become root depth is non zero
> ERROR: unbecome root depth is 0
> ERROR: setgroups call failed!

Here's the patch I've been using to work around that error.

Index: util_sec.c
===================================================================
RCS file: /cvsroot/samba/source/lib/util_sec.c,v
retrieving revision 1.2.4.1
diff -u -w -r1.2.4.1 util_sec.c
--- util_sec.c	2000/01/14 22:01:19	1.2.4.1
+++ util_sec.c	2000/02/21 18:40:47
@@ -42,6 +42,17 @@
 #define smb_panic(x) exit(1)
 #endif
 
+#if HAVE_SETRESUID
+  #define USE_SETRESUID 1
+#elif HAVE_SETEUID
+  #define USE_SETEUID   1
+#elif HAVE_SETREUID
+  #define USE_SETREUID  1
+#elif HAVE_SETUIDX
+  #define USE_SETUIDX   1
+#endif
+
+
 /****************************************************************************
 abort if we haven't set the uid correctly
 ****************************************************************************/
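Review bot: The new `#if`/`#elif` chain has no final `#else`, so when none of HAVE_SETRESUID, HAVE_SETEUID, HAVE_SETREUID or HAVE_SETUIDX is set, no USE_* macro is defined and the file still compiles without complaint. This file deals with uid switching (the comment just below reads "abort if we haven't set the uid correctly"), so a build with no method selected should stop at compile time: add `#else` followed by an `#error` naming the missing functions. The block also defines the USE_* macros unconditionally; if the build system can already set one of them, wrap the chain in a check such as `#if !defined(USE_SETRESUID) && ...` to avoid redefinition or two methods being selected at once. The `#define` lines are indented with the `#` not in column one, which some pre-ANSI preprocessors reject; starting the `#` in column one is the safer form. A one-line comment stating that this maps the configure results onto a single preferred method, in this order of preference, would document why the block exists.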



> ldap suffix = "ou=People,dc=student,dc=uit,dc=no"

If you're trying to share entries with the system accounts per RFC2307, I've also found the following patch useful:

Index: ldap.c
===================================================================
RCS file: /cvsroot/samba/source/passdb/ldap.c,v
retrieving revision 1.36
diff -u -w -r1.36 ldap.c
--- ldap.c	1999/03/25 13:54:30	1.36
+++ ldap.c	2000/02/21 18:49:35
@@ -272,11 +272,11 @@
 	*mods = NULL;
 	if(operation == LDAP_MOD_ADD) { /* immutable attributes */
 	      ldap_make_mod(mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");
-
+/*
 	      ldap_make_mod(mods, LDAP_MOD_ADD, "uid", newpwd->unix_name);
 	      slprintf(temp, sizeof(temp)-1, "%d", newpwd->unix_uid);
 	      ldap_make_mod(mods, LDAP_MOD_ADD, "uidNumber", temp);
-
+*/
 	      ldap_make_mod(mods, LDAP_MOD_ADD, "ntuid", newpwd->nt_name);
 	      slprintf(temp, sizeof(temp)-1, "%x", newpwd->user_rid);
 	      ldap_make_mod(mods, LDAP_MOD_ADD, "rid", temp);
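Review bot: Wrapping the `uid` and `uidNumber` additions in `/* ... */` inside the `LDAP_MOD_ADD` branch removes them for every installation, not only for directories that share entries with RFC2307 system accounts. Where the entry is not already a posix account, a newly added sambaAccount would be written without `uid` or `uidNumber`, and anything that looks the account up by those attributes would no longer find it. Make the behaviour selectable instead of commenting it out, for example with a compile-time guard or a configuration option around these three lines, and add a comment saying that the attributes are skipped because the existing RFC2307 entry already carries them. Commented-out code also leaves the `slprintf(temp, ...)` call for `unix_uid` as dead text that will drift from the live code; a guard keeps it compiled and checked in at least one configuration.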

